Hello,

I'll have to develop some private web-services, so I need a way to authenticate the users in order for each service to be able to know if a request is valid and to maintain some session states.

I'd like to have a central authentication service with some simple operations like "logIn(login, password)" (that uses a directory like LDAP), "isValidSession(sessionID)" and "logOut(sessionID)". The "logIn" operation should generate a session ID, or something similar, that would allow a user to communicate further with the other services by using this token.

Then when a user tries to use an operation:

  • the user provides their session ID as the last parameter,
  • the operation asks the authentication server if the provided ID is valid,
  • if yes, the operation retrieves the user's session information,
  • the operation proceeds and returns the result.

Are there standard patterns and technologies to manage this kind of scenario?

Thanks in advance for your help.
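
The flow described in the question, sketched as an added example that is not part of the original post: an in-memory central service offering the three operations, plus one operation that takes the session ID as its last parameter. The names `AuthService`, `demo_directory`, `get_balance`, the 900-second idle timeout and the sample user are assumptions made for illustration; `demo_directory` stands in for the LDAP check.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 900  # idle timeout in seconds (assumed value)
DEMO_USERS = {"alice": "correct horse"}  # constructed sample directory, stands in for LDAP

def demo_directory(login, password):
    expected = DEMO_USERS.get(login, "")
    return bool(expected) and hmac.compare_digest(expected.encode(), password.encode())

def _key(session_id):
    return hashlib.sha256(session_id.encode()).hexdigest()

class AuthService:
    def __init__(self, directory, clock=time.monotonic):
        self._directory = directory  # callable(login, password) -> bool
        self._clock = clock
        # Keyed by sha256(session ID) so a dump of the table exposes no usable IDs.
        self._sessions = {}

    def log_in(self, login, password):
        if not self._directory(login, password):
            return None
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[_key(session_id)] = {
            "login": login, "expires": self._clock() + SESSION_TTL}
        return session_id

    def session_info(self, session_id):
        key = _key(session_id)
        entry = self._sessions.get(key)
        if entry is None or self._clock() >= entry["expires"]:
            self._sessions.pop(key, None)  # drop expired entries on sight
            return None
        entry["expires"] = self._clock() + SESSION_TTL  # sliding expiry
        return {"login": entry["login"]}

    def is_valid_session(self, session_id):
        return self.session_info(session_id) is not None

    def log_out(self, session_id):
        return self._sessions.pop(_key(session_id), None) is not None

def get_balance(auth, account, session_id):  # hypothetical business operation
    info = auth.session_info(session_id)
    if info is None:
        raise PermissionError("invalid or expired session")
    return {"account": account, "requested_by": info["login"]}
```

In a deployment the session ID would travel only over TLS, and the session table would live in a shared store so every service instance sees the same state.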